There seems to be a lot of confusion regarding these new vulnerabilities, and as an IT security professional, I would like to take the time to review them.
There are two new vulnerabilities (actually three, but two are very closely related): Meltdown and Spectre. Both vulnerabilities are hardware-based, residing within the actual CPU. This makes patching very difficult.
Meltdown
Meltdown is by far the most severe. With Meltdown, an attacker can copy most, if not all, physical memory. This includes privileged memory in the kernel. The result is that the attacker is able to steal passwords, session keys and other confidential material.
Patches are available to protect against this threat for most operating systems; however, this does come at a cost.
Since the operating system can no longer trust the CPU to do its job, the operating system must step in to do it. This brings a performance penalty which has been described as ‘non-negligible’. Reports have put this figure as low as 10 per cent, while other reports put it as high as 50 per cent. Any way you look at it, your computer is going to be slower after applying the update.
As of today, January 5, 2018, the only CPUs affected are the ones by Intel. While exploitation of Meltdown is theoretically possible with both AMD and ARM CPUs, researchers have noted that no practical exploit has been achieved to date. However, this may change at a later date. One notable exception is Apple and the new iPhone. It is vulnerable to the Meltdown attack. It seems Apple hired some ex-Intel designers to build their new ARM CPU.
Spectre
The second, Spectre, is a very dangerous exploit. However, unlike Meltdown, Spectre can only read memory from its own process, that is, memory that it ‘owns’. It cannot read any privileged memory. Where this vulnerability could be exploited is with web browsers. One tab could be compromised with the Spectre vulnerability and be accessing privileged information in another tab.
Right now, there is no patch available for this vulnerability, and to make matters worse, there is a JavaScript proof of concept floating around the Internet. It is just a matter of time before we see actual exploits in the wild.
There is a second variant of Spectre that can access all memory, including privileged memory. Fortunately, this vulnerability is considered to be far too difficult to use effectively.
Mitigation
To greatly reduce the chances of becoming a victim:
- Make sure your anti-virus is up to date.
- Ensure your computer is up to date with the latest software patches and updates.
- Ensure all firewalls are turned on and functional.
- Make sure that your browser is running an ad blocker. Since Spectre is likely to spread via JavaScript, a very likely attack vector will be ads, since a lot of them utilize JavaScript (this has happened before with the Washington Post and New York Times, among many others).
On a side note, applying these patches on Windows may not be successful if you are running third-party antivirus products. There are other reports that applying these patches will cause the infamous Blue Screen of Death (BSoD).
Am I affected?
More than likely, yes. If you are running Microsoft Windows, Microsoft has a support web page at
Unfortunately, this site is geared more to IT professionals and the tools provided may be beyond the scope of some people.
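For Linux machines, a status check can be scripted. The following is an added example, not part of the original post, and it goes beyond the Windows tooling mentioned above: it assumes a Linux kernel that reports per-issue status under `/sys/devices/system/cpu/vulnerabilities`. The sample values are constructed, and the function names are illustrative.

```python
from pathlib import Path

# Assumption: the kernel exposes one status file per issue in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Kernel file names (the kernel's own naming) for the issues this post covers.
ISSUES = {
    "meltdown": "Meltdown",
    "spectre_v1": "Spectre variant 1",
    "spectre_v2": "Spectre variant 2",
}

def classify(status):
    """Map one kernel status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text.split(":", 1)[1].strip())
    if text.startswith("Vulnerable"):
        return ("vulnerable", text.partition(":")[2].strip())
    return ("unknown", text)

def read_statuses(base=SYSFS_DIR):
    """Read each status file; None means the kernel does not report that issue."""
    result = {}
    for name in ISSUES:
        try:
            result[name] = (Path(base) / name).read_text()
        except OSError:
            result[name] = None
    return result

def report(statuses):
    """A missing file is 'unreported' (older kernel), which is not the same as safe."""
    return {name: ("unreported", "") if raw is None else classify(raw)
            for name, raw in statuses.items()}

# Constructed sample input, used when the sysfs files are not present.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}

if __name__ == "__main__":
    live = read_statuses()
    data = live if any(v is not None for v in live.values()) else SAMPLE
    for name, (state, detail) in report(data).items():
        print(f"{ISSUES[name]:20} {state:13} {detail}")
```

An `unreported` result means the kernel predates this reporting interface and should be treated as unpatched until updated.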
For those who are looking for a more technical explanation of these vulnerabilities, check out Jake Williams' (@MalwareJake) outstanding video at https://www.youtube.com/watch?v=8FFSQwrLsfE
If you have any other questions, you should speak to an IT professional for advice. I can be contacted on Twitter @TheTeeStar